With floats we cannot represent all 32bit integer dimensions
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Change the stride argument to ptrdiff_t in the following functions:
ff_put_no_rnd_vc1_chroma_mc8_mmi, ff_put_no_rnd_vc1_chroma_mc4_mmi,
ff_avg_no_rnd_vc1_chroma_mc8_mmi, ff_avg_no_rnd_vc1_chroma_mc4_mmi.
Reviewed-by: Shiyou Yin <yinshiyou-hf@loongson.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Allows the creation of the sdtp atom while remuxing MP4 to MP4. This
atom is required by Apple devices (iPhone, Apple TV) in order to accept
2160p medias.
zmbvenc allocates a buffer for a picture with padding on all four sides:
The stride is choosen so large that it already contains padding on the
right; the height also includes padding rows. The padding on the right
of each row is also reused as padding for the left of the next row. So
one still needs to add padding on the left for the first row. This is done
by offsetting the actual pointer used to access the picture from the
pointer returned by av_mallocz and the formula for this offset was
wrong, because it ignored that a pixel can take more than one byte when
calculating the offset resulting from the left padding of the first row.
This fixes accesses outside of the allocated buffer that were reported
in tickets #7980 and #7994. No writes were ever attempted outside of
the buffer.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
do_streamcopy() has a packet that gets zero-initialized first, then gets
initialized via av_init_packet() after which some of its fields are
oerwritten again with the actually desired values (unless it's EOF): The
side data is copied into the packet with av_copy_packet_side_data() and
if the source packet is refcounted, the packet will get a new reference
to the source packet's data. Furthermore, the flags are copied and the
timestamp related fields are overwritten with new values.
This commit replaces this by using av_packet_ref() to both initialize
the packet as well as populate its fields with the right values (unless
it's EOF again in which case the packet will still be initialized). The
differences to the current approach are as follows:
a) There is no call to a deprecated function (av_copy_packet_side_data())
any more.
b) Several fields that weren't copied before are now copied from the source
packet to the new packet (e.g. pos). Some of them (the timestamp related
fields) may be immediately overwritten again and some don't seem to be
used at all (e.g. pos), but in return using av_packet_ref() allows to forgo
the initializations.
c) There was no check for whether copying side data fails or not. This
has been changed: Now the program is exited in this case.
Using av_packet_ref() does not lead to unnecessary copying of data,
because the source packets are already always refcounted (they originate
from av_read_frame()).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Not only the first, but each latest chunk must be cached to allow
seekback after finding the mime boundary.
Fixes trac #5023 and #5921.
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
According to RFC1341, the multipart boundary indicated by the
Content-Type header must be prepended by CRLF + "--", and followed
by CRLF. In the case of strict MIME header boundary handling, the
"--" was forgotten to add.
Fixes trac #7921.
A side effect is that this coincidentally breaks enforcement of
strict MIME headers against servers running motion < 3.4.1, where
the boundary announcement in the HTTP headers incorrectly used the
prefix "--", which exactly matched this bug's behavior.
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The string matching function's return value was evaluated incorrectly.
Fixes trac #7920.
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Also propagate proper AVERROR codes while at it.
Fixes ticket #8230.
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: memleaks
Fixes: 18023/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5642535011090432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: shift exponent -2 is negative
Fixes: 17736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_F16LE_fuzzer-5742815929171968
Fixes: 17998/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_F24LE_fuzzer-5716980383875072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>